While attempting to configure the Synchronization Service Azure BackSync settings using the configuration wizard one of the following errors can be seen:
Configure Azure BackSync settings Error - Error while configuring azurebacksync for ARS.Object reference not set to an instance of an object.
Error while configuring azurebacksync for ARS.Microsoft.Azure.Commands.Common.Authentication.AadAuthenticationFailedException: AADSTS50158: External security challenge not satisfied.
The remote server returned an error: (400) Bad Request. ---> Microsoft.IdentityModel.Clients.Active.Directory.AdalServiceException: AADSTS50158: External security challenge not satisfied.
System.Net.WebException: The remote server returned an error (400) Bad Request.
Configure Azure BackSync Settings Error:
Error while configuring azurebacksync for ARS.Cannot bind argument to parameter ‘ObjectId’ because it is null.
This issue is seen when the Directory Writers Role is not enabled on the Microsoft Azure Portal. The Directory Writers Role is disabled by default as outlined in the Active Roles Administration guide, and is listed as a required pre-requisite in order to configure the Azure BackSync successfully.
Directory Writers Role must be enabled in Azure Active Directory. To enable the role use the following script:
To query enabled roles use the following cmdlet and ensure that Directory Writers shows on the list of returned objects:
Note: This error AADSTS50158: External security challenge not satisfied can be viewed along with other Microsoft Azure Authentication and authorization error codes at Microsoft's site here.